Documentation
Overview
Package tempentries provides temporary pre-authentication records.
Index
- Constants
- type NoDataFoundError
- type PreAuthUserRecords
- func (r *PreAuthUserRecords) AllUsers() ([]types.UserEntry, error)
- func (r *PreAuthUserRecords) GroupByID(gid uint32) (types.GroupEntry, error)
- func (r *PreAuthUserRecords) MaybeCompletePreauthUser(name string) (uid uint32, cleanup func(), err error)
- func (r *PreAuthUserRecords) RegisterPreAuthUser(loginName string, uid uint32) (err error)
- func (r *PreAuthUserRecords) UserByID(uid uint32) (types.UserEntry, error)
- func (r *PreAuthUserRecords) UserByLogin(name string) (types.UserEntry, error)
Constants
const (
	// MaxPreAuthUsers is the maximum number of pre-auth users that can be registered. If this limit is reached,
	// RegisterPreAuthUser will return an error and disable login for new users via SSH until authd is restarted.
	//
	// This value must be significantly smaller (less than half) than the number of UIDs which can be generated (as
	// defined by UID_MIN and UID_MAX in the config file), otherwise finding a unique UID by trial and error can take
	// too long.
	MaxPreAuthUsers = 4096

	// MaxPreAuthUserNameLength is the maximum length of the pre-auth user name.
	MaxPreAuthUserNameLength = 256

	// UserPrefix is the prefix used as login name by the pre-auth temporary users.
	UserPrefix = "authd-pre-auth-user"
)
Types
type NoDataFoundError
type NoDataFoundError = db.NoDataFoundError
NoDataFoundError is the error returned when no entry is found in the database.
type PreAuthUserRecords
type PreAuthUserRecords struct {
// contains filtered or unexported fields
}
PreAuthUserRecords is a structure holding in memory all the temporary users that have done a pre-auth request.
func NewPreAuthUserRecords
func NewPreAuthUserRecords() *PreAuthUserRecords
NewPreAuthUserRecords creates a new instance of [PreAuthUserRecords] that can be used to track the temporary pre-auth user entries.
func (*PreAuthUserRecords) AllUsers
func (r *PreAuthUserRecords) AllUsers() ([]types.UserEntry, error)
AllUsers returns all pre-auth users as a slice of UserEntry.
func (*PreAuthUserRecords) GroupByID
func (r *PreAuthUserRecords) GroupByID(gid uint32) (types.GroupEntry, error)
GroupByID returns the private-group information for the given user ID.
func (*PreAuthUserRecords) MaybeCompletePreauthUser
func (r *PreAuthUserRecords) MaybeCompletePreauthUser(name string) (uid uint32, cleanup func(), err error)
MaybeCompletePreauthUser tries to complete a pre-auth user registration.
Returns the generated UID if the user was found in the pre-auth list, or an error, and a cleanup function that should be called to remove the temporary user once the user is added to the database.
func (*PreAuthUserRecords) RegisterPreAuthUser
func (r *PreAuthUserRecords) RegisterPreAuthUser(loginName string, uid uint32) (err error)
RegisterPreAuthUser registers a temporary user with a unique UID in our NSS handler (in memory, not in the database).
The temporary user record is removed when [MaybeCompletePreauthUser] is called with the same username.
This method is called when a user logs in for the first time via SSH, in which case sshd checks if the user exists on the system (before authentication), and denies the login if the user does not exist. We pretend that the user exists by creating this temporary user record, which is converted into a permanent user record when [RegisterUser] is called after the user authenticated successfully.
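A simplified model of the lifecycle described above (register before authentication, complete and clean up afterwards), added here as an illustration and not authd's own implementation. The type preAuthModel and its methods are hypothetical, the model does no locking, and only the two limits are taken from the constants on this page.

```go
package main

import "fmt"

const (
	maxPreAuthUsers          = 4096 // MaxPreAuthUsers on this page
	maxPreAuthUserNameLength = 256  // MaxPreAuthUserNameLength on this page
)

// preAuthModel is a hypothetical stand-in for PreAuthUserRecords (no locking).
type preAuthModel struct {
	byLogin map[string]uint32
	byUID   map[uint32]string
}

func newModel() *preAuthModel {
	return &preAuthModel{byLogin: map[string]uint32{}, byUID: map[uint32]string{}}
}

// register stores an unauthenticated login name, enforcing both limits.
func (m *preAuthModel) register(login string, uid uint32) error {
	if len(login) > maxPreAuthUserNameLength {
		return fmt.Errorf("login name longer than %d bytes", maxPreAuthUserNameLength)
	}
	_, dupLogin := m.byLogin[login]
	if _, dupUID := m.byUID[uid]; dupLogin || dupUID {
		return fmt.Errorf("login name or UID %d already registered", uid)
	}
	if len(m.byLogin) >= maxPreAuthUsers {
		return fmt.Errorf("limit of %d pre-auth users reached", maxPreAuthUsers)
	}
	m.byLogin[login], m.byUID[uid] = uid, login
	return nil
}

// complete returns the reserved UID and a cleanup that drops the record.
func (m *preAuthModel) complete(login string) (uint32, func(), error) {
	uid, ok := m.byLogin[login]
	if !ok {
		return 0, func() {}, fmt.Errorf("no pre-auth record for %q", login)
	}
	return uid, func() {
		delete(m.byLogin, login)
		delete(m.byUID, uid)
	}, nil
}

func main() {
	fmt.Println(newModel().register("alice", 60001))
}
```

Because registration happens before authentication, the cap and the name-length check are what bound the memory an unauthenticated client can make the service hold.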
func (*PreAuthUserRecords) UserByID
func (r *PreAuthUserRecords) UserByID(uid uint32) (types.UserEntry, error)
UserByID returns the user information for the given user ID.
func (*PreAuthUserRecords) UserByLogin
func (r *PreAuthUserRecords) UserByLogin(name string) (types.UserEntry, error)
UserByLogin returns the user information for the given user name.